In December last year, Entersekt gained FIDO Alliance certification for the FIDO2 server protocol. It had been a long and complex process, so you may wonder why we set out to expand our offering and gain that stamp of approval in the first place. We already had a broad, market-leading authentication portfolio, including a state-of-the-art push authentication solution. Why does Entersekt care so much about FIDO2?
First, let’s talk about what FIDO2 actually is.
One security token to rule them all
FIDO, short for Fast IDentity Online, has been the industry’s answer to the world’s over-reliance on passwords since 2013. Based on free and open standards, FIDO2 is a pair of specifications: the W3C Web Authentication (WebAuthn) API, which lets a browser or platform create and use credentials, and the FIDO Alliance’s Client to Authenticator Protocol (CTAP), which lets an external authenticator such as a security key talk to the device over USB, NFC or Bluetooth. Authentication is public-key challenge-response: the service sends a fresh challenge, the authenticator signs it with a private key that never leaves the device, and the service verifies the signature with the public key it stored at registration. No shared secret ever sits on the server, so a breach of the service’s database yields nothing an attacker can log in with.
FIDO2 allows consumers to use a single cryptographic authenticator, such as a smartphone or a hardware key, to authenticate themselves with different service providers. The authenticator generates a separate key pair for each service, and every signed response carries the origin of the site that requested it, so a credential registered with one bank cannot be replayed against another service or harvested by a look-alike phishing page. Gone are the days when they would have to download dedicated authentication apps or, even worse, deal with proprietary hardware tokens to gain similar capabilities.
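To make the challenge-response and origin-binding concrete, here is an added example (not Entersekt’s code and not part of the original post) of what a FIDO2 relying-party server checks when a browser hands back a WebAuthn assertion. The authenticator is simulated in software so the program runs offline; the relying party ID bank.example, the origins and the storage model are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// collectedClientData: the fields of the browser-built clientDataJSON that the RP checks.
type collectedClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"` // base64url, unpadded
	Origin    string `json:"origin"`
}
// Credential is what the relying party stored at registration (storage model assumed here).
type Credential struct {
	RPID      string
	PublicKey *ecdsa.PublicKey // ES256: ECDSA over P-256 with SHA-256
	SignCount uint32
}
// Assertion is what navigator.credentials.get() returns to the RP.
type Assertion struct{ ClientDataJSON, AuthenticatorData, Signature []byte }

// VerifyAssertion performs the RP-side checks of the WebAuthn authentication ceremony.
func VerifyAssertion(cred *Credential, origin string, challenge []byte, a *Assertion) error {
	var cd collectedClientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil || cd.Type != "webauthn.get" {
		return errors.New("malformed clientDataJSON or wrong ceremony type")
	}
	if cd.Challenge != base64.RawURLEncoding.EncodeToString(challenge) {
		return errors.New("challenge mismatch: stale or replayed response")
	}
	// The browser, not the page, fills in origin, so this comparison is what defeats phishing.
	if cd.Origin != origin {
		return errors.New("origin mismatch: response was produced on another site")
	}
	rpHash := sha256.Sum256([]byte(cred.RPID))
	if len(a.AuthenticatorData) < 37 || !bytes.Equal(a.AuthenticatorData[:32], rpHash[:]) {
		return errors.New("rpIdHash mismatch: key is scoped to a different relying party")
	}
	if a.AuthenticatorData[32]&0x01 == 0 {
		return errors.New("user presence (UP) flag not set")
	}
	count := binary.BigEndian.Uint32(a.AuthenticatorData[33:37])
	if count != 0 && count <= cred.SignCount {
		return errors.New("signature counter did not advance: replay or cloned authenticator")
	}
	// ES256 signs SHA-256(authenticatorData || SHA-256(clientDataJSON)).
	cdHash := sha256.Sum256(a.ClientDataJSON)
	digest := sha256.Sum256(append(append([]byte{}, a.AuthenticatorData...), cdHash[:]...))
	if !ecdsa.VerifyASN1(cred.PublicKey, digest[:], a.Signature) {
		return errors.New("signature does not verify")
	}
	cred.SignCount = count
	return nil
}

// authenticatorSign simulates a FIDO2 authenticator answering a page at origin that asked for rpID.
func authenticatorSign(priv *ecdsa.PrivateKey, counter uint32, rpID, origin string, challenge []byte) *Assertion {
	cdj, _ := json.Marshal(collectedClientData{"webauthn.get", base64.RawURLEncoding.EncodeToString(challenge), origin})
	ad := make([]byte, 37) // rpIdHash (32) || flags (1) || signCount (4); no attested credential data
	rpHash := sha256.Sum256([]byte(rpID))
	copy(ad, rpHash[:])
	ad[32] = 0x01 // UP flag
	binary.BigEndian.PutUint32(ad[33:], counter)
	cdHash := sha256.Sum256(cdj)
	digest := sha256.Sum256(append(append([]byte{}, ad...), cdHash[:]...))
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return &Assertion{cdj, ad, sig}
}

// Demo runs an honest login, a phished response and a replay; returns the verifier's verdict for each.
func Demo() (honest, phished, replayed error) {
	const rpID, origin = "bank.example", "https://www.bank.example" // constructed names
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cred := &Credential{RPID: rpID, PublicKey: &priv.PublicKey}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	good := authenticatorSign(priv, 1, rpID, origin, challenge)
	honest = VerifyAssertion(cred, origin, challenge, good)
	// Phishing: the attacker's page relays the bank's real challenge, but the browser records the attacker's origin.
	bad := authenticatorSign(priv, 2, rpID, "https://bank-example.login.test", challenge)
	phished = VerifyAssertion(cred, origin, challenge, bad)
	// Replay of the honest response; the challenge is deliberately reused so the counter check is what fails.
	replayed = VerifyAssertion(cred, origin, challenge, good)
	return
}
func main() {
	h, p, r := Demo()
	fmt.Printf("honest: %v\nphished: %v\nreplayed: %v\n", h, p, r)
}
```

Two details carry the security argument in the prose above. The origin check works because the browser, not the web page, writes the origin into clientDataJSON, so a phishing site cannot claim to be the bank; and the rpIdHash check means a key created for one relying party is useless to any other. In production a server also issues a new random challenge per ceremony (so a replay fails on the challenge before the counter is consulted) and checks the user-verified (UV) flag when PSD2-style two-factor assurance is required.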
Interested in learning more about FIDO and FIDO2? Download our latest ebook, The ultimate guide to FIDO.
Making the SCA circle bigger
So, back to the question of why Entersekt cares about FIDO2. Why did we expand our customer authentication solution to include it?
As specialists in strong customer authentication (SCA) and frictionless, omnichannel banking and payments experiences, it seemed only right that we offer our customers greater choice, so that they in turn can offer their own customers more ways to authenticate.
By implementing FIDO2, financial institutions can now give their customers the option to authenticate themselves directly in the browser, using a platform authenticator built into their laptop or a roaming security key; they no longer need a mobile app to do so. This is especially relevant for people who either do not have a compatible smartphone or prefer not to use their smartphone as an authentication device. Previously, they had to endure SMS one-time passwords, which can be phished or intercepted through SIM-swap attacks, or inconvenient proprietary hardware tokens.
Entersekt has been a member of the FIDO Alliance for most of its existence – and ours. We enable FIDO authentication for improved security, user experience and customer choice.
Another interesting use case of FIDO2 is delegated authentication (also called “merchant delegation”). With the aim of increasing the security of electronic commerce transactions, Europe’s Revised Payment Services Directive (PSD2) mandated the use of strong, multi-factor authentication for online payments. While SCA was introduced to boost the security of transactions, the forms it most commonly takes, such as an SMS code or a redirect out of the merchant’s checkout to the bank, have added friction and raised the rate of transaction abandonment.
Fortunately, PSD2 holds the answer to this problem. The regulations allow banks to delegate SCA to third parties such as merchants and wallet providers, although the bank remains responsible for the authentication it delegates, so such arrangements are governed by outsourcing agreements. Delegated authentication allows consumers to stay within the merchant environment from the moment they start browsing all the way to checkout. The payment can be completed with a single click or biometric verification, regardless of whether the user is shopping on a website or app.
What's next for the FIDO community?
FIDO’s original goal was to eliminate passwords. And together with other developments like behavioral biometrics, we are getting closer and closer to that passwordless future. With FIDO2, which satisfies PSD2’s SCA requirement when the authenticator combines possession of the device with a PIN or biometric and promises an enhanced customer experience, FIDO broadened its scope; it became relevant in financial services and payments applications. That is not the end of its story.
Read our blog post Passwordless authentication: The future is here to find out why we think passwords are passé.
We will see FIDO2 appearing in more and more use cases. One example is eIDAS (Electronic Identification, Authentication and trust Services). This European Union regulation was created to establish trust in electronic transactions between individuals, organizations, and government entities across member states by standardizing digital IDs and digital signatures. Smart card-based electronic IDs are the usual means of reaching the scheme’s “high” level of assurance, but such eIDs lack wide user acceptance for accessing online services because consumers find them too complex to use. Further adoption of smartphones and FIDO2 would go a long way to overcoming these drawbacks.
Read more about Entersekt's approach to passwordless authentication, which enables biometric and browser authentication use cases.